I encountered a worm or spyware this past week.
for many many hours I tried to remove several key exe's
(they are just popup generators)
ok
I goto del the file.. but the file is not visible (yes, I did my folder
options, show hidden, and show protected etc...)
but! can't see them..ah! but I can see them from the command prompt.
I know they are there as I could not overwrite them with a dummy file.
I could not overwrite them yes because they were in use, but... how do
you kill a process
that does attach itself to every exe that is ran. (yes... every exe
makes new instance)
no matter the exe I run.. like.. explorer, taskman, msconfig.. etc...
a new instance of that exe is ran...
I have removed it from startbatch, I even went through the registry and removed every reference to those file names...
(im wondering if there is a logoff batch...I never checked for that)
well... I just could not get rid of those two executables
"I have tried more but will not fit here"
2006-07-23 02:38:47 · 9 answers · asked by ZOM 1 in Computers & Internet ➔ Software
every time I created a fake exe (in order to replace the bad one)
even if I put that exe on my desktop... as long as it carried the same
name as the bad one
it was not visible...(yes, I had toggled.. "show me everything,
protected files and all)
and! neither could I delete this file I created it... it was just a
bogus file to swap on the reboot...but long as it carried the same name
as the bad files, they also took on the properties of those bad
files... (what is that about?)
2006-07-23 02:54:19 · update #1
I have Windows XP Pro SP2
and i have tried to remove this with Norton 2006, PC-cillin 2006, AVG 7 free, and Spybot S&D 1.4
Cillin detects every time when i run anything, but only quarantines a file called calco.exe. i have over 200 calco.exe's quarantined.
2006-07-23 02:55:56 · update #2
Try the best!
http://www.superantispyware.com/
I have tried to so many, all looks fail to me except above.
2006-07-23 03:25:28 · answer #1 · answered by Buzzy Buddy 3 · 2⤊ 0⤋
try this spyware cleaner. was recommended by my ISP providor. Also, Microsoft has their own spyware removal page. I just went looking for it but couldn't find it. It is under Beta. Between the two of these you shoul be able to remove just about anything. If not you can call Microsoft free of charge for assistance with spyware removal as they recognize it as glitches in their system. They will talk you through what to do. Good luck with this. Such a PITA.
You are getting a couple of different sites to try. It will not hurt your computer to run several of them. Time consuming as hell but it looks as if you have already been there.
Then I suggest you update your anti-spyware. The ISP I use now offers this free. Ours is F-Secure which is the same one the government uses. It blocks just about anything and not even cookies get by since I started using it. Not a sales pitch. Just a good product.
2006-07-23 09:50:54 · answer #2 · answered by Justme 4 · 0⤊ 0⤋
Have you tried running your scans and such in safe mode? Many of the scanners will work there and many processes are never started there. Spybot search and destroy has a process manager that can be usefull in the advanced tools section. If you do not have it, download hijackthis! but be carefull with it. I have found several good tools such as rougescanfix and brute force uninstaller at bleepingcomputer.com, and you can post a hijackthis! log there for examination and recommendations.
2006-07-23 09:52:39 · answer #3 · answered by Interested Dude 7 · 0⤊ 0⤋
You need to have one anti-virus and one firewall program (only one of each, else they may conflict with one another--and forget about Microsoft's firewall--it does not stop things from going out the backdoor of your computer).
You can and should have multiple (anti-)spyware programs. I use both Spybot and Ad-aware.
Go to this site:
http://komando.com/downloads/
categories.aspx?cat=Security
for links to good, free security programs.
Also, make sure you are receiving the MS updates. Be sure to update your anti-virus and anti-spyware program at least once a week and run them (I run Ad-aware each time before logging off).
2006-07-23 11:26:03 · answer #4 · answered by williamh772 5 · 0⤊ 0⤋
From my hubby: Start your computer up in safe mode & go to the command prompt & delete the file. If all else fails, the best way is to format the drive & reinstall the operating system.
2006-07-23 09:43:35 · answer #5 · answered by ~*Lady Beth*~ 4 · 0⤊ 0⤋
i'm not sure if this will work with your problem but you could try this:
1. if you have a BOOTABLE anti-virus cd like the Norton2005
bootable cd, you could boot from it after POST and scan/remove
virus from that. and you'll be surprise its not that hard work
if the first step isn't working and after you restart your pc and the
virus' still there you might want to try step 2
2. this might not make any sense but try scanning your computer
again for spyware cuz (sometimes) it automatically re-installs
that certain virus when you restart your computer. it worked for
me, uhm i guess there
after deleting that spyware you may want to go back to step 1
hope this helps you, im not after the IT GOD title, just wanna help. =)
2006-07-23 09:51:28 · answer #6 · answered by » pōпб§±ë® ¬ 4 · 0⤊ 0⤋
Go to symantec.com with virus/trojan defintion. There are instructions on their site for manual removal of known virus/trojans. Try starting your pc in safe mode so the .exe's arent running
2006-07-23 09:45:16 · answer #7 · answered by Dan B 1 · 0⤊ 0⤋
you just to have the right tools
http://www.eset.com/download/index.php
get the desk top try for thirty days version if it's a worm this will remove it for good.
2006-07-23 09:48:55 · answer #8 · answered by BigBadWolf 6 · 0⤊ 0⤋
hey!
i have good program for killing process ! that is great! I uploded it for you. if you know what process is, you can easily kill that process. download from:
http://www.megashare.com/32182 ( for download wait 60 sec)
if you don't know what process is, try Zone alarm antivirus(last ver) or kaspersky antivirus, they are great.you will success
2006-07-23 10:25:59 · answer #9 · answered by Morgan Barazesh 1 · 0⤊ 0⤋